On Thu, Jul 24, 2025 at 07:19:48PM +0000, Aaron Ballman wrote: > I'll have to think about that more, but my initial reaction is: that's > making our implementation/design problems be the user's problem. Maybe > that's fine? But it would be kind of frustrating as a user to have > code using `__counted_by(foo)` that I want to modify to say > `__counted_by(foo * CHAR_BIT)` but then find out it needs to be > `__counted_by_expr(foo * CHAR_BIT)` and now there are contexts where > that doesn't work because of potential C++ shenanigans.
FWIW, this will already be true in Linux as we've been early adopters: counted_by on flexible array members is in released compiler versions already, but counted_by on pointer member is not yet. To support a span of compiler versions Linux will already need to split even single-identifier counted_by into two macros: __counted_by() for flexible array members, and __counted_by_ptr() for pointer members. Adding __counted_by_expr() is no problem! :) And in a decade when all the flavors are in all supported compiler versions we can do a quick treewide replacement. -- Kees Cook
